Downed BredoLab botnet linked with Spamit.com

As widely reported last week, the Dutch National Crime Squad's High Tech Crime Team took down the Bredolab botnet that had infected at least 30 million computers worldwide.

The Dutch team said it seized 143 computer servers and disconnected them from the internet. The team worked with a Dutch hosting provider, the Dutch Forensic Institute, internet security firm Fox IT, GOVCERT.NL, and the National Police Agency to carry out the seizures.

It now seems that Georg Avanesov, a 27-year-old Armenian who was arrested last week in connection with BredoLab, was closely linked to Spamit.com. At its height 12 months ago, BredoLab was reportedly responsible for 3.6 billion infected emails a day.

As previously reported by Infosecurity, Spamit.com started shutting down at the end of September, but up to that point, it was credited with most of the world's unwanted emails.

According to security researcher Brian Krebs, investigators allege that Avanesov made up to $139,000 each month renting the botnet out on a crimeware-as-a-service basis.

In a weekend posting to his security blog, Krebs cites Pim Takkenberg, team leader for the Netherlands Police Agency's High Tech Crime Unit, as saying that Avanesov uses the hacker aliases 'Spadonaque' and 'Atata', and built up his botnet through the use of a number of hijacked websites.

Krebs reports that evidence of the connection between Bredolab and Spamit.com members surfaced as Russian investigators announced they had filed charges against Igor Gusev, a man some have suspected of masterminding Glavmed.com, the world's largest affiliate programme for promoting online pharmacies.

"For his part, Gusev has denied any affiliation with spamming, and told The Moscow News and another Russian daily that the man responsible for bringing false charges against him was none other than his arch nemesis Pavel Vrublevsky, the founder of Russian payment processing firm Chronopay and someone I have written about at length on this blog and while at The Washington Post", he said.

"In a blog purportedly written by Gusev himself, the alleged Glavmed/Spamit chief says he and Vrublevsky used to be business partners when Chronopay was in its infancy", he added.